Pangolin is an identity-aware tunneled reverse proxy. It installs via an interactive script the first time you log in to your VPS over SSH.
Requirements before running the installer
Make sure you have:
A domain pointing to your VPS IP for the Pangolin dashboard
An email address for Let’s Encrypt and admin login
Firewall ports 80/tcp, 443/tcp, 51820/udp, and 21820/udp open
Pangolin does not support using only a raw IP address for the dashboard. You must have a domain and be able to create DNS records.
Installation flow over SSH
On first SSH login, the installer prompts you for:
Base domain (example:
example.com)Dashboard domain (for example:
pangolin.example.com)Email address for Let’s Encrypt and admin login
Whether to install tunneling support via Gerbil
Whether to enable SMTP support (optional)
The script then pulls the required Docker images (Pangolin, Gerbil, Traefik) and starts the containers. This usually takes a few minutes.
You will also be asked if you want to install CrowdSec. This adds extra security tooling but also extra complexity, so it is safer to leave it disabled initially unless you know how you want to configure it.
Complete setup in the web dashboard
At the end of the installation, Pangolin prints a setup token and a URL, similar to:
https://pangolin.example.com/auth/initial-setup
Copy the token and open the URL in your browser. Enter the token when prompted, then create your admin account and finish the initial configuration.
The dashboard will be served over HTTPS using a Let’s Encrypt certificate. It might take a short while for the first certificate to become fully trusted, so you may see a browser warning briefly.
For routing rules, identity policies, and tunneling configuration, refer to the official Pangolin documentation.
